Source port for sent packets, numeric value -1 means to use a random source port (the default situation), and other valid settings are 0 to 65535. normally this option will not be used, but sometimes it is useful to say scan from port 53 into a network.

Specify the timer used for pps calculations, the default is variable and will try and use something appropriate for the rate you have selected. Note however, if available, the tsc timer and the gtod timer are very CPU intensive. if you require unicornscan to not monopolize your system while running, consider using the sleep timer, normally 3. it has been observed that the tsc timer and gtod timer are required for high packet rates, however this is highly system dependent, and should be tested on each hardware/platform combination. The tsc timer may not be available on every cpu. The sleep timer module is not recommended for scans where utmost accuracy is required.

Enable processing of errors such as icmp error messages and reset+ack messages (for example). If this option is set then you will see responses that may or may not indicate the presence of a firewall, or other otherwise missed information.

Resolve dns hostnames before and after the scan (but not during, as that would likely cause superfluous spurious responses during the scan, especially if udp scanning). the hosts that will be resolved are (in order of resolution) the low and high addresses of the range, and finally each host address that replied with something that would be visible depending on other scan options. This option is not recommended for use during scans where utmost accuracy is required.

A string representing the intended sequence ignorance level. This affects the tcp header validity checking, normally used to filter noise from the scan. If for example you wish to see reset packets with an ack+seq that is not set or perhaps intended for something else appropriate use of this option would be R. A is normally used for more exotic tcp scanning. normally the R option is associated with reset scanning.

Path to a file where flat text will be dumped that normally would go to the users terminal. A limitation of this option currently is that it only logs the output of the `Main' thread and not the sender and receiver.

Numeric value representing the number of seconds to wait before declaring the scan over. for connect scans sometimes this option can be adjusted to get more accurate results, or if scanning a high-latency target network; for example.

This is arguably the most important option, it is a numeric option containing the desired packets per second for the sender to use. choosing a rate too high will cause your scan results to be incomplete. choosing a rate too low will likely make you feel as though you are using nmap.

The address to use to override the listeners default interfaces address. using this option often necessitates using the helper program fantaip(1) to make sure the replies are routed back to the interface the listener has open.

unicornscan -msf -s 5.4.3.2 -r 340 -Iv -epgsqldb www.domain.tld/21:80,8080,443,81 runs unicornscan in connect mode with an apparent (to the target) source address of 5.4.3.2 at a rate of 340 packets per second. results will be displayed as they are found -I and the output will be verbose -v. The module `pgsqldb' will be activated -epgsqldb and the target of this scan will be the /21 network that host www.domain.tld belongs to making attempts to connect to port 80, 8080, 443 and 81.